aboutsummaryrefslogtreecommitdiffstatshomepage
path: root/OpenSim/Framework/Remoting.cs
diff options
context:
space:
mode:
authorlbsa712007-10-31 07:28:23 +0000
committerlbsa712007-10-31 07:28:23 +0000
commit064404ab409ddd0a3b25027a98582696295c46fd (patch)
treebd84ec2e23930f76e7cc81c8529ef71936c86dd9 /OpenSim/Framework/Remoting.cs
parentmade illogical bitwise operations logical (diff)
downloadopensim-SC-064404ab409ddd0a3b25027a98582696295c46fd.zip
opensim-SC-064404ab409ddd0a3b25027a98582696295c46fd.tar.gz
opensim-SC-064404ab409ddd0a3b25027a98582696295c46fd.tar.bz2
opensim-SC-064404ab409ddd0a3b25027a98582696295c46fd.tar.xz
* Moved OpenSim/Framework/General to OpenSim/Framework for great justice.
Diffstat (limited to 'OpenSim/Framework/Remoting.cs')
-rw-r--r--OpenSim/Framework/Remoting.cs134
1 files changed, 134 insertions, 0 deletions
diff --git a/OpenSim/Framework/Remoting.cs b/OpenSim/Framework/Remoting.cs
new file mode 100644
index 0000000..667ae69
--- /dev/null
+++ b/OpenSim/Framework/Remoting.cs
@@ -0,0 +1,134 @@
1/*
2* Copyright (c) Contributors, http://opensimulator.org/
3* See CONTRIBUTORS.TXT for a full list of copyright holders.
4*
5* Redistribution and use in source and binary forms, with or without
6* modification, are permitted provided that the following conditions are met:
7* * Redistributions of source code must retain the above copyright
8* notice, this list of conditions and the following disclaimer.
9* * Redistributions in binary form must reproduce the above copyright
10* notice, this list of conditions and the following disclaimer in the
11* documentation and/or other materials provided with the distribution.
12* * Neither the name of the OpenSim Project nor the
13* names of its contributors may be used to endorse or promote products
14* derived from this software without specific prior written permission.
15*
16* THIS SOFTWARE IS PROVIDED BY THE DEVELOPERS ``AS IS AND ANY
17* EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED
18* WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
19* DISCLAIMED. IN NO EVENT SHALL THE CONTRIBUTORS BE LIABLE FOR ANY
20* DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES
21* (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
22* LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND
23* ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
24* (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS
25* SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
26*
27*/
28using System;
29using System.Security.Cryptography;
30using System.Text;
31
32namespace OpenSim.Framework
33{
34 /// <summary>
35 /// NEEDS AUDIT.
36 /// </summary>
37 /// <remarks>
38 /// Suggested implementation
39 /// <para>Store two digests for each foreign host. A local copy of the local hash using the local challenge (when issued), and a local copy of the remote hash using the remote challenge.</para>
40 /// <para>When sending data to the foreign host - run 'Sign' on the data and affix the returned byte[] to the message.</para>
41 /// <para>When recieving data from the foreign host - run 'Authenticate' against the data and the attached byte[].</para>
42 /// <para>Both hosts should be performing these operations for this to be effective.</para>
43 /// </remarks>
44 internal class RemoteDigest
45 {
46 private byte[] currentHash;
47 private byte[] secret;
48
49 private SHA512Managed SHA512;
50
51 /// <summary>
52 /// Initialises a new RemoteDigest authentication mechanism
53 /// </summary>
54 /// <remarks>Needs an audit by a cryptographic professional - was not "roll your own"'d by choice but rather a serious lack of decent authentication mechanisms in .NET remoting</remarks>
55 /// <param name="sharedSecret">The shared secret between systems (for inter-sim, this is provided in encrypted form during connection, for grid this is input manually in setup)</param>
56 /// <param name="salt">Binary salt - some common value - to be decided what</param>
57 /// <param name="challenge">The challenge key provided by the third party</param>
58 public RemoteDigest(string sharedSecret, byte[] salt, string challenge)
59 {
60 SHA512 = new SHA512Managed();
61 Rfc2898DeriveBytes RFC2898 = new Rfc2898DeriveBytes(sharedSecret, salt);
62 secret = RFC2898.GetBytes(512);
63 ASCIIEncoding ASCII = new ASCIIEncoding();
64
65 currentHash = SHA512.ComputeHash(AppendArrays(secret, ASCII.GetBytes(challenge)));
66 }
67
68 /// <summary>
69 /// Authenticates a piece of incoming data against the local digest. Upon successful authentication, digest string is incremented.
70 /// </summary>
71 /// <param name="data">The incoming data</param>
72 /// <param name="digest">The remote digest</param>
73 /// <returns></returns>
74 public bool Authenticate(byte[] data, byte[] digest)
75 {
76 byte[] newHash = SHA512.ComputeHash(AppendArrays(AppendArrays(currentHash, secret), data));
77 if (digest == newHash)
78 {
79 currentHash = newHash;
80 return true;
81 }
82 else
83 {
84 throw new Exception("Hash comparison failed. Key resync required.");
85 }
86 }
87
88 /// <summary>
89 /// Signs a new bit of data with the current hash. Returns a byte array which should be affixed to the message.
90 /// Signing a piece of data will automatically increment the hash - if you sign data and do not send it, the
91 /// hashes will get out of sync and throw an exception when validation is attempted.
92 /// </summary>
93 /// <param name="data">The outgoing data</param>
94 /// <returns>The local digest</returns>
95 public byte[] Sign(byte[] data)
96 {
97 currentHash = SHA512.ComputeHash(AppendArrays(AppendArrays(currentHash, secret), data));
98 return currentHash;
99 }
100
101 /// <summary>
102 /// Generates a new challenge string to be issued to a foreign host. Challenges are 1024-bit (effective strength of less than 512-bits) messages generated using the Crytographic Random Number Generator.
103 /// </summary>
104 /// <returns>A 128-character hexadecimal string containing the challenge.</returns>
105 public static string GenerateChallenge()
106 {
107 RNGCryptoServiceProvider RNG = new RNGCryptoServiceProvider();
108 byte[] bytes = new byte[64];
109 RNG.GetBytes(bytes);
110
111 StringBuilder sb = new StringBuilder(bytes.Length*2);
112 foreach (byte b in bytes)
113 {
114 sb.AppendFormat("{0:x2}", b);
115 }
116 return sb.ToString();
117 }
118
119 /// <summary>
120 /// Helper function, merges two byte arrays
121 /// </summary>
122 /// <remarks>Sourced from MSDN Forum</remarks>
123 /// <param name="a">A</param>
124 /// <param name="b">B</param>
125 /// <returns>C</returns>
126 private byte[] AppendArrays(byte[] a, byte[] b)
127 {
128 byte[] c = new byte[a.Length + b.Length];
129 Buffer.BlockCopy(a, 0, c, 0, a.Length);
130 Buffer.BlockCopy(b, 0, c, a.Length, b.Length);
131 return c;
132 }
133 }
134} \ No newline at end of file